This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.guardian.co.uk/technology/2012/jul/09/dnschanger-malware-internet-blackout-fbi

DNSChanger malware causes internet blackout in over 42,000 computers
Early Monday morning, at least 40,000 computers infected with the DNSChanger malware lost their connection to the internet after the FBI shut down a temporary safety net for users connected to the infected servers.
DNSChanger malware alters the infected computer to prevent it from executing one of the most basic online functions. DNS (domain name system) servers translate an address, such as guardiannews.com, to a numerical one, simplifying the web browsing process for the average computer user. Once the malware infects the host computer, users are redirected to fraudulent sites.
Going into this morning's shutdown, the FBI estimated that nearly 42,000 unique IP addresses in the US were still infected with the virus, with an estimated 211,000 IP addresses globally affected. However, IP addresses are not equitable to individual people or computers, so the number of users infected was likely much higher than those numbers suggest.
At the infection's peak, more than 575,000 IP addresses were infected with the DNSChanger malware. Yet court documents from November show that more than 4m computers worldwide were infected, at least 500,000 of which were in the US. This makes the number of people affected much more difficult to pin down, especially because they can't share their frustrations on the internet (unless of course they have internet access on their phones or have access to another uninfected machine).
Although the amount of infected computers are likely larger than reports suggest, the danger of the outbreak is not as serious as it seems.
Brian Krebs, investigative reporter at Krebsonsecurity.com, told the Guardian: "There are numerous similarly large outbreaks of malware and this one is by far the least threatening."
In fact, Krebs believes the internet shutdown is one of the best things to happen because it will take the infected computers off the internet, creating a cleaner online environment for everyone else.
Initially, the FBI safeguard was supposed to last 120 days, beginning in early November, but a court-ordered 120-day extension allowed the safeguards to remain in place until this morning. During that time, the FBI, Google, Facebook and internet service providers warned users of the impending shutdown.
Spokespersons from Verizon and Comcast said they contacted infected users through a variety of methods including phone calls, letters and email. Internet service providers were able to find these users by cross-checking their customers' IP addresses against a list of infected IP addresses provided by the FBI.
As of this morning, the outreach seemed to have helped. Charlie Douglas, a Comcast spokesman, told the Guardian: "Going into this, we believe far less than even one tenth of one percent of our remaining infected customers hadn't taken action."
The DNSChanger malware spread when a gang of cyberthieves operating under the name Rove Digital engaged in a sophisticated internet fraud scheme. Six members of the group were arrested in November; one remains at large.
Can't get online and want to check if it's because your computer is infected with DNSChanger? CBCNews explains how to check your IP setting against the rogue IP addresses. If you lost your internet connection, call your internet service provider, who can instruct you in the best way to reconnect to the internet.
Comments
28 comments, displaying first
9 July 2012 8:45PM
Though it will pain you greatly, you should really be explaining that Apple users are just as likely to have been 'got' here. They are not - as so many of them wrongly believe - immune from this sort of thing, and deliberately omitting any reference to the Mac is only going to leave them exposed.
http://www.dcwg.org/detect/
specifically
http://www.dcwg.org/detect/checking-osx-for-infections/
9 July 2012 9:35PM
Indeed. Apple users are by and large as clueless as any other computer user.
9 July 2012 10:23PM
Although the amount of infected computers are likely larger than reports suggest [...]
Bad grammar is just bad grammar; it simply lacerates a writer's credibility. You mean the number of infected computers; and in any case "amount" is singular, so it should be "is likely."
Go write: "Although the number of infected computers is likely larger than reports suggest, the danger of the outbreak is not as serious as it seems." 100 times!
9 July 2012 10:37PM
Although the amount of infected computers are likely larger than reports suggest, the danger of the outbreak is not as serious as it seems.
Brian Krebs, investigative reporter at Krebsonsecurity.com, told the Guardian: "There are numerous similarly large outbreaks of malware and this one is by far the least threatening."
plus the obvious fact that 44,000 personal computers temporarily not having internet access is a tiny amount, as is the 600,000 worst case scenario estimate in global terms. for security blogs and tech news, yes this is interesting, but for the guardian? at least you admit that this is a non-story...
9 July 2012 10:39PM
In fact, Krebs believes the internet shutdown is one of the best things to happen because it will take the infected computers off the internet, creating a cleaner online environment for everyone else.
So, logically, if we infected all computers we would have the perfect on line environment?
So that's what Microsoft was aiming for!
9 July 2012 10:59PM
the internet shutdown is one of the best things to happen because it will take the infected computers off the internet, creating a cleaner online environment for everyone else.
ISPs could take the infected computers off the Internet too, in this case and in many other cases.
When someone's box wants to talk to one of the "compromised servers" in a case like this, the ISPs could readily detect that traffic, and take the customer off the real Internet, notifying them of the problem (e.g. by faking an Internet where all the pages just say "Your computer is infested, please call us") and even assist the customer in fixing it if necessary.
Two UK ISPs that have actually done this in the past include the small but wonderful Metronet, now sadly defunct, and at the opposite end of the size and quality scales, NTL (also now defunct).
9 July 2012 11:06PM
i think Krebs is hinting that DNSChanger has a propagation routine embedded somewhere, which means all the computers that have a chance to place backdoors for any further attacks will be cut off for now.
i think just took offense with your term "logical" because it really wasn't. sorry...
9 July 2012 11:18PM
IP addresses are not equitable to individual people
But surely if that's the case then The Digital Economy Act 2010 and other such bits of legislation are total pants?
10 July 2012 12:23AM
I'm sorry to have to say this about the best newspaper in the world, but the standard of the sub-editing is slipping dangerously, leaving you publishing articles that are on the verge of illiteracy. I can't take seriously a writer or a paper that doesn't know how to use the English language. I realise that times are hard for the press, but the proper use of the language is part of what should distinguish a professional paper from the ill-informed or biased 'news' available everywhere online. Try to have articles like this one proofread before you post them!
10 July 2012 12:39AM
About DNS-IP addresses..,why everybody people..too much worry..! Actually DNS-IP just a little monster technology..and there's something really happens..in the world..,I mean US-Europe must be carefully..,about Beyond technology effect globalism.. :o ;o ~_~
10 July 2012 12:43AM
I agree... :-) =)
10 July 2012 12:46AM
thx and I understood.. ;o :-)
10 July 2012 12:48AM
Sir,
Your use of the word numerical rather than numeric is - whilst not, strictly speaking, grammatically incorrect - not in keeping with the accepted norms of the spod community, and I therefore find it irksome. I demand your ritual suicide forthwith.
Now, to get back on topic...
10 July 2012 4:55AM
Hear! Hear!
Also, surely
However, IP addresses are not equitable to individual people or computers
should say 'equatable', not 'equitable'.
10 July 2012 6:58AM
Thanks for the advice in the last paragraph. Actually, I couldn't read the article because I can't get online.
10 July 2012 7:32AM
I suppose I'm the illiterate masses as I skimmed over the article and found it perfectly easy to read.
10 July 2012 8:42AM
And no doubt many, perhaps all, of the users with this, and other infections on their computers have invested in "state of art" protection software which has failed to do its job because users do not know the computer equivalent of the a, b, c...
10 July 2012 9:14AM
"The sky is falling, the sky is falling"...........
Oh, wait a minute.... Sorry, my mistake.
10 July 2012 10:06AM
Whenever I go on line I am always concerned about the grammar and punctuation of the sites I go to, hold on there is something going wrong with my compu
10 July 2012 10:10AM
Likewise, I couldn't read your comment.
I must be imagining this.
10 July 2012 10:47AM
Shouldn't that be "is likely to be larger"?
10 July 2012 10:48AM
I just realised why. The Guardian has just confirmed something I suspected. It presents itself to the US as guardiannews.com with the 'Latest US news, world news...' and used the same content to present itself as guardian.co.uk to a UK readership. So it's taking the cheap option and using the same content for two different audiences, something that comes apart - as we have seen - in the comments, what with the different grammar, punctuation and spellings.
Of course, some of that content is created by illiterates, the product of both cultures.
10 July 2012 11:07AM
WTF. Just WTF.
10 July 2012 11:12AM
People who are offline will be able to read it in the dead tree edition of the paper tomorrow morning.
10 July 2012 11:16AM
Even the Guardian, renowned for its spelling and grammatical errors, should be ashamed of this article. I suppose proofreaders and sub-editors are considered a luxury or superfluous in these days of austerity and spell checkers, but don't journalists check their work to ensure that it isn't littered with errors? Or can the Guardian not afford to pay for anyone who is able to write properly.
Whenever journalists are sloppy in their use of English they are probably equally sloppy in their research and fact-checking. As a result their articles lose credibility as, ultimately, do the newspapers/journals that allow their publication.
10 July 2012 12:23PM
So it's taking the cheap option and using the same content for two different audiences, something that comes apart - as we have seen - in the comments, what with the different grammar, punctuation and spellings.
I get the impression sometimes that in the event of a major disaster in Britain, say a nuclear meltdown, some people would be more concerned with typos, grammar and punctuation, OK the Guardian should pick up these things, but it's not the world of the end.
10 July 2012 2:52PM
Grammar Nazi
10 July 2012 7:09PM
Wholeheartedly agree with the above comments about the shoddy proof-reading of the Guardian lately.
Comments on this page are now closed.
Infected US addresses lose connections to the internet as FBI's eight-month safety net against virus expires